passwords

问题 I have spent several hours trying to find a means of writing a cross platform password prompt in php that hides the password that is input by the user. While this is easily accomplished in Unix environments through the use of stty -echo, I have tried various means of passthru() and system() calls to make windows do the same thing to no avail. I have tried: passthru('set /p pass=Password: '); system('echo %pass% > out.txt'); $pass = file_get_contents('out.txt', 'r'); This seems to hang on the

问题 Can users request that their password be emailed to themselves if the password is stored as a hash value? Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)? If a user has the same password hash value stored on two sites, would their password be the same for both sites? 回答1: If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.

问题 We have a number of network services and web-apps authenticating users differently, some with different password requirements for very bad technical reasons. For example, one system refused $ signs until someone "fixed" the string handling in some Perl scripts. Another system appears to parse @ signs in passwords. Another system issues users passwords to them, and the developer was proud to show me that it was a reversible transformation of the username. I understand that password hashes are

问题 How can I password protect my website during development with htaccess in Cakephp? which htaccess file do I have to change? what do I have to write in the htaccess where do I put the .htpasswd? I searched google for that but couldn't find anything useful, I hope you could help me! Thanks Till that helped me solve the problem! For CakePHP-Users: - Modify the .htaccess in /app/webroot/ - add something like that at the beginning of the .htaccess-file: AuthName "Restricted Area" AuthType Basic

问题 I am looking for an example of salting passwords withing a T-SQL Stored Procedure. And of course the matching proc to validate a user. CREATE PROC ChangePassword(@Username nVarChar(50), @Password nVarChar(50)) CREATE PROC ValidateUser(@Username nVarChar(50), @Password nVarChar(50)) 回答1: First, I'm going to go out on a limb here and say that hashing passwords in the database is in general a bad practice with respect to security. You would not be protected against traffic sniffers watching

问题 I'm trying to fill two forms and login to my banks website. I can get the first form for the username to fill but I can't seem to get the form for the password to fill. Here's the code I'm using: from splinter import Browser username2 = '***' password2 = '***' browser2 = Browser() browser2.visit('http://mijn.ing.nl') browser2.find_by_css('.firstfield').fill(username2) browser2.find_by_id('#easnhbcc').fill(password2) and this is the full traceback: /usr/local/bin/python2 "/Users/narekaramjan

问题 I'm trying to fill two forms and login to my banks website. I can get the first form for the username to fill but I can't seem to get the form for the password to fill. Here's the code I'm using: from splinter import Browser username2 = '***' password2 = '***' browser2 = Browser() browser2.visit('http://mijn.ing.nl') browser2.find_by_css('.firstfield').fill(username2) browser2.find_by_id('#easnhbcc').fill(password2) and this is the full traceback: /usr/local/bin/python2 "/Users/narekaramjan

问题 I'm using the ASP.Net SqlMembershipProvider to manage my users. Here is my config: <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SiteDatabase" applicationName="WPR" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" enablePasswordRetrieval="false"

问题 I'm reading so much conflicting advice as to how to store passwords securely. All I know for sure is not to use MD5! I've seen people advocate using PHP's bcrypt function, which seems like it'd hog the server's processor. I've seen advocates for salts, and advocates for not using salts. It's all just so unclear. Is there real and credible advice as to how to store passwords securely? Edit: After a fair amount of research, I found an article from ;login: that deals with the topic in quite some

问题 I'm trying to make a "normal" username/password login form secure, without needing HTTPS. My idea is this: Server generates a keypair for some kind of assymetric encryption algorithm. It stores this keypair in a temporary table of sorts (or perhaps the local session data). Server sends the form to the client and includes the public key. User fills in the form. Before it's sent to the server, Javascript encrypts the password using the given public key. Form is sent. Server decrypts the